25 Worst Passwords

This list is the 2015 version of the group’s annual compilation of poor password hygiene. The report is based on more than 2 million passwords leaked throughout the year.

While the top five worst passwords hardly shifted in their positions, there are new and (slightly) longer additions to the list. The longer passwords are still ridiculously easy to guess and are most likely a result of Web sites attempting to prod users into creating more secure credentials.

“We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns, they will put you in just as much risk of having your identity stolen by hackers,???. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites.

Here’s the list, with changes accounted for 2014. Hopefully none of these are in use in your organization today:

Rank Password Change from 2014

1.  123456 Unchanged
2. password Unchanged
3. 12345678 Up 1
4. qwerty Up 1
5. 12345 Down 2
6. 123456789 Unchanged
7. football Up 3
8. 1234 Down 1
9. 1234567 Up 2
10. baseball Down 2
11. welcome New
12. 1234567890 New
13. abc123 Up 1
14. 111111 Up 1
15. 1qaz2wsx New
16. dragon Down 7
17. master Up 2
18. monkey Down 6
19.  letmein Down 6
20. login New
21. princess New
22. qwertyuiop New
23. solo New
24. passw0rd New
25. starwars New